public async Task <IQueryable <Contest> > QueryContestAsync(string?userId, int groupId)
{
var user = await userManager.FindByIdAsync(userId);
var group = await groupService.GetGroupAsync(groupId);
if (group is null)
{
throw new NotFoundException("找不到该小组");
}
if (!PrivilegeHelper.IsTeacher(user?.Privilege))
{
if (group.IsPrivate)
{
if (!dbContext.GroupJoin.Any(i => i.GroupId == groupId && i.UserId == userId))
{
throw new ForbiddenException("未参加该小组");
}
}
}
IQueryable <Contest> contests = dbContext.GroupContestConfig
.Where(i => i.GroupId == groupId).OrderByDescending(i => i.Id).Select(i => i.Contest);
return(contests);
}
public async Task <List <UserBasicInfoModel> > QueryUsersAsync(string patterns)
{
var userId = userManager.GetUserId(User);
var userInfo = await userManager.FindByIdAsync(userId);
var normalizedPatterns = patterns.ToUpper();
var users = userManager.Users.Where(i => i.Email.Contains(normalizedPatterns) ||
i.NormalizedUserName.Contains(normalizedPatterns) ||
(i.Name != null && i.Name.Contains(patterns)));
if (!PrivilegeHelper.IsAdmin(userInfo?.Privilege ?? 0))
{
return(await users.Select(i => new UserBasicInfoModel
{
Email = i.Email,
UserId = i.Id,
UserName = i.UserName
}).ToListAsync());
}
else
{
return(await users.Select(i => new UserBasicInfoModel
{
Name = i.Name,
Email = i.Email,
UserId = i.Id,
UserName = i.UserName
}).ToListAsync());
}
}
public async Task <IQueryable <Problem> > QueryProblemAsync(string?userId, int contestId)
{
var user = await userManager.FindByIdAsync(userId);
var contest = await contestService.GetContestAsync(contestId);
if (contest is null)
{
throw new NotFoundException("找不到该比赛");
}
if (!PrivilegeHelper.IsTeacher(user?.Privilege))
{
if (contest.Hidden)
{
throw new ForbiddenException();
}
}
IQueryable <Problem> problems = dbContext.ContestProblemConfig
.Where(i => i.ContestId == contestId)
.OrderBy(i => i.Id)
.Select(i => i.Problem);
return(problems);
}
public async Task <UserQueryResultListModel> QueryUser(string patterns)
{
var user = await userManager.GetUserAsync(User);
IQueryable <UserInfo> users;
if (PrivilegeHelper.IsTeacher(user.Privilege))
{
users = userManager.Users.Where(i =>
(i.Name != null && i.Name.Contains(patterns)) ||
i.NormalizedEmail.Contains(patterns.ToUpperInvariant()) ||
i.NormalizedUserName.Contains(patterns.ToUpperInvariant()));
}
else
{
users = userManager.Users.Where(i => i.NormalizedUserName.Contains(patterns.ToUpper()));
}
var result = users.Select(i => new UserQueryResultModel
{
UserId = i.Id,
UserName = i.UserName,
Name = i.Name,
Email = i.Email
});
return(new UserQueryResultListModel
{
Users = await result.ToListAsync(),
TotalCount = await result.CountAsync()
});
}
protected override void BeginProcessing()
{
WriteVerbose("Getting current process handle");
_process = PrivilegeHelper.GetCurrentProcess();
WriteVerbose("Getting privilege info for all privileges on the current process");
_privInfo = PrivilegeHelper.GetAllPrivilegeInfo(_process);
}
private static void UpgradePrivilegedHelper()
{
var flags = AuthorizationFlags.Defaults;
using (var auth = Authorization.Create(flags)) {
PrivilegeHelper.Upgrade(auth, flags);
}
}
public async Task <IQueryable <Contest> > QueryContestAsync(string?userId)
{
var user = await userManager.FindByIdAsync(userId);
IQueryable <Contest> contests = dbContext.Contest;
if (!PrivilegeHelper.IsTeacher(user?.Privilege))
{
contests = contests.Where(i => !i.Hidden || (i.SpecifyCompetitors && i.ContestRegister.Any(j => j.ContestId == i.Id && j.UserId == userId)));
}
return(contests);
}
protected override void EndProcessing()
{
if (_setInfo.Count > 0)
{
WriteVerbose("Setting token privileges on the current process");
if (ShouldProcess(String.Join(", ", _setInfo.Keys), $"{Action} the specified privilege(s)"))
{
PrivilegeHelper.SetTokenPrivileges(_process, _setInfo);
}
}
_process.Dispose();
}
public async Task <IQueryable <Group> > QueryGroupAsync(string?userId)
{
var user = await userManager.FindByIdAsync(userId);
IQueryable <Group> groups = dbContext.Group;
if (!PrivilegeHelper.IsTeacher(user?.Privilege))
{
groups = groups.Where(i => (i.IsPrivate && i.GroupJoin.Any(j => j.GroupId == i.Id && j.UserId == userId)) || !i.IsPrivate);
}
return(groups);
}
public async Task <IQueryable <Problem> > QueryProblemAsync(string?userId)
{
var user = await userManager.FindByIdAsync(userId);
IQueryable <Problem> problems = dbContext.Problem;
if (!PrivilegeHelper.IsTeacher(user?.Privilege))
{
problems = problems.Where(i => !i.Hidden);
}
return(problems);
}
private static bool PartialUpgrade()
{
if (!WaitUntilAnotherVersionIsClosed())
{
return(false);
}
if (PrivilegeHelper.IsHelperUpgradeRequired())
{
return(AskAndUpgradeHelper());
}
return(true);
}
private CompletionResult ProcessPrivilege(string privilege)
{
string displayName;
if (Lsa.ALL_RIGHTS.ContainsKey(privilege))
{
displayName = Lsa.ALL_RIGHTS[privilege];
}
else
{
displayName = PrivilegeHelper.GetPrivilegeDisplayName(privilege);
}
return(new CompletionResult(privilege, privilege, CompletionResultType.ParameterValue, displayName));
}
protected override void ProcessRecord()
{
WriteVerbose("Getting current process handle");
using SafeHandle processToken = PrivilegeHelper.GetCurrentProcess();
WriteVerbose("Getting privilege info for all privileges on the current process");
Dictionary <string, PrivilegeAttributes> privilegeInfo = PrivilegeHelper.GetAllPrivilegeInfo(processToken);
if (Name.Length == 0)
{
Name = privilegeInfo.Keys.ToArray();
}
foreach (string privName in Name)
{
if (!PrivilegeHelper.CheckPrivilegeName(privName))
{
ItemNotFoundException exp = new ItemNotFoundException($"Invalid privilege name '{privName}'");
WriteError(new ErrorRecord(exp, "PrivilegeNotFound", ErrorCategory.ObjectNotFound, privName));
continue;
}
string description = PrivilegeHelper.GetPrivilegeDisplayName(privName);
bool enabled = false;
bool enableByDefault = false;
PrivilegeAttributes attr = PrivilegeAttributes.Removed;
bool isRemoved = true;
if (privilegeInfo.ContainsKey(privName))
{
attr = privilegeInfo[privName];
enabled = (attr & PrivilegeAttributes.Enabled) != 0;
enableByDefault = (attr & PrivilegeAttributes.EnabledByDefault) != 0;
isRemoved = false;
}
WriteObject(new Privilege()
{
Name = privName,
Description = description,
Enabled = enabled,
EnabledByDefault = enableByDefault,
Attributes = attr,
IsRemoved = isRemoved,
});
}
}
protected override void ProcessRecord()
{
foreach (string privName in Name)
{
if (!PrivilegeHelper.CheckPrivilegeName(privName))
{
ItemNotFoundException exp = new ItemNotFoundException($"Invalid privilege name '{privName}'");
WriteError(new ErrorRecord(exp, "PrivilegeNotFound", ErrorCategory.ObjectNotFound, privName));
continue;
}
else if (!_privInfo.ContainsKey(privName))
{
if (Action == "remove")
{
WriteVerbose($"The privilege '{privName}' is already removed, no action necessary");
}
else
{
InvalidOperationException exp = new InvalidOperationException(
$"Cannot {Action} privilege '{privName}' as it is not set on the current process");
WriteError(new ErrorRecord(exp, "", ErrorCategory.InvalidOperation, privName));
}
continue;
}
bool enabled = (_privInfo[privName] & PrivilegeAttributes.Enabled) != 0;
if (Action == "remove")
{
WriteVerbose($"The privilege '{privName}' is set, removing from process token");
_setInfo[privName] = null;
}
else if (enabled && Action == "disable")
{
WriteVerbose($"The privilege '{privName}' is enabled, setting new state to disabled");
_setInfo[privName] = false;
}
else if (!enabled && Action == "enable")
{
WriteVerbose($"The privilege '{privName}' is disabled, setting new state to enabled");
_setInfo[privName] = true;
}
else
{
WriteVerbose($"The privilege '{privName}' is already {Action}d, no action necessary");
}
}
}
public Task <ServiceAttachResult> AttachToService()
{
__TaskCompletion = new TaskCompletionSource <ServiceAttachResult>();
PrivilegeHelper.StartAndConnectToLaunchAgent((int connectionPort) => {
if (connectionPort > 0)
{
__TaskCompletion.SetResult(new ServiceAttachResult(connectionPort));
}
else
{
__TaskCompletion.SetResult(new ServiceAttachResult("There was an error launching IVPN Agent."));
}
});
return(__TaskCompletion.Task);
}
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
var dbContext = context.HttpContext.RequestServices.GetService <WebHostDbContext>();
var userId = context.HttpContext.User.FindFirstValue(ClaimTypes.NameIdentifier);
var userInfo = await dbContext.Users.FirstOrDefaultAsync(i => i.Id == userId);
if (userInfo == null)
{
throw new AuthenticationException("没有登录账户");
}
if (!PrivilegeHelper.IsTeacher(userInfo?.Privilege ?? 0))
{
throw new ForbiddenException();
}
await next();
}
public async Task <IQueryable <Problem> > QueryProblemAsync(string?userId, int contestId, int groupId)
{
var user = await userManager.FindByIdAsync(userId);
var contest = await contestService.GetContestAsync(contestId);
if (contest is null)
{
throw new NotFoundException("找不到该比赛");
}
var group = await groupService.GetGroupAsync(groupId);
if (group is null)
{
throw new NotFoundException("找不到该小组");
}
if (!dbContext.GroupContestConfig.Any(i => i.GroupId == groupId && i.ContestId == contestId))
{
throw new NotFoundException("找不到该比赛");
}
if (!PrivilegeHelper.IsTeacher(user?.Privilege))
{
if (contest.Hidden)
{
throw new ForbiddenException();
}
// user was not in this private group
if (group.IsPrivate && !dbContext.GroupJoin.Any(i => i.GroupId == groupId && i.UserId == userId))
{
throw new ForbiddenException("未参加该小组");
}
}
IQueryable <Problem> problems = dbContext.ContestProblemConfig
.Where(i => i.ContestId == contestId)
.OrderBy(i => i.Id)
.Select(i => i.Problem);
return(problems);
}
private static bool FullUpgradeIfRequired()
{
if (!IsRunFromApplicationFolder())
{
NSAlert alert = NSAlert.WithMessage(
"IVPN client can only run from the Applications folder. Please move the IVPN.app into the /Applications folder",
"Quit", null, null, "");
alert.RunModal();
return(false);
}
else
if (PrivilegeHelper.IsHelperUpgradeRequired())
{
return(AskAndUpgradeHelper());
}
return(true);
}
private bool ApplyPatches(Process process)
{
if (process == null)
{
return(false);
}
TOKEN_PRIVILEGES privilege = PrivilegeHelper.SetPrivilege("SeDebugPrivilege");
IntPtr handle = OpenProcessVirtualAccess(process.Id);
bool isOkay = true;
isOkay = isOkay && handle != IntPtr.Zero;
isOkay = isOkay && CheckCrc(handle);
isOkay = isOkay && ApplyCrcPatch(handle);
isOkay = isOkay && ApplyCommPatch(handle);
isOkay = isOkay && ApplyGamePatches(handle);
Kernel32Imports.CloseHandle(handle);
PrivilegeHelper.RestorePrivilege(privilege);
return(isOkay);
}
public async Task <UserInfoModel> UserInfo(string?userId = null)
{
var signedIn = signInManager.IsSignedIn(User);
var userInfoRet = new UserInfoModel
{
SignedIn = string.IsNullOrEmpty(userId) && signedIn
};
if (string.IsNullOrEmpty(userId))
{
userId = userManager.GetUserId(User);
}
var user = await userManager.FindByIdAsync(userId);
var currentUser = string.IsNullOrEmpty(userId) ? user : await userManager.GetUserAsync(User);
if (userId == null || user == null)
{
return(new UserInfoModel());
}
userInfoRet.UserId = user.Id;
userInfoRet.UserName = user.UserName;
userInfoRet.Privilege = user.Privilege;
userInfoRet.Coins = user.Coins;
userInfoRet.Experience = user.Experience;
userInfoRet.OtherInfo = IdentityHelper.GetOtherUserInfo(string.IsNullOrEmpty(user.OtherInfo) ? "{}" : user.OtherInfo);
if (userInfoRet.SignedIn || PrivilegeHelper.IsTeacher(currentUser?.Privilege))
{
userInfoRet.Name = user.Name;
userInfoRet.EmailConfirmed = user.EmailConfirmed;
userInfoRet.PhoneNumberConfirmed = user.PhoneNumberConfirmed;
userInfoRet.Email = user.Email;
userInfoRet.PhoneNumber = user.PhoneNumber;
}
return(userInfoRet);
}
public async Task <bool> ShowShareUIAsync(ShareUIOptions options, DataPackage dataPackage)
{
if (!PrivilegeHelper.IsDeclared(LaunchAppPrivilege))
{
if (this.Log().IsEnabled(LogLevel.Error))
{
this.Log().LogError($"The Launch app privilege must be declared ({LaunchAppPrivilege})");
}
return(false);
}
var appControl = new AppControl
{
Operation = AppControlOperations.ShareText,
};
var dataPackageView = dataPackage.GetView();
if (dataPackageView.Contains(StandardDataFormats.Text))
{
var text = await dataPackageView.GetTextAsync();
appControl.ExtraData.Add(AppControlData.Text, text);
}
var uri = await DataTransferManager.GetSharedUriAsync(dataPackageView);
if (uri != null)
{
appControl.ExtraData.Add(AppControlData.Url, uri.OriginalString);
}
AppControl.SendLaunchRequest(appControl);
return(true);
}
public async Task <ServiceStartResult> StartService()
{
if (!PrivilegeHelper.IsHelperInstalled())
{
Logging.Info("helper is not installed");
bool installHelperResults = false;
await Task.Run(() => {
installHelperResults = PrivilegeHelper.InstallHelper();
});
HelperMethodInstalled(this, new EventArgs());
if (!installHelperResults)
{
Logging.Info("helper installation failed!");
return(new ServiceStartResult(true, "There was an error during installation of the helper. Please try again and contact support if the problem persists."));
}
}
return(new ServiceStartResult(false));
}
public void RegisterUser(User registeredUser)
{
PrivilegeHelper.CheckUserPrivilegeForMethod(((Action <User>)_userManagement.RegisterUser).Method);
_userManagement.RegisterUser(registeredUser);
}
public void PromoteUser(User userToPromote, int newPrivilegeLevel)
{
PrivilegeHelper.CheckUserPrivilegeForMethod(((Action <User, int>)_userManagement.PromoteUser).Method);
_userManagement.PromoteUser(userToPromote, newPrivilegeLevel);
}
public IEnumerable <User> GetRegisteredUsers()
{
PrivilegeHelper.CheckUserPrivilegeForMethod(((Func <IEnumerable <User> >)_userManagement.GetRegisteredUsers).Method);
return(_userManagement.GetRegisteredUsers());
}
public bool IsZoneDisabled(uint zone)
{
PrivilegeHelper.CheckUserPrivilegeForMethod(((Func <uint, bool>)_zoneManagement.IsZoneDisabled).Method);
return(_zoneManagement.IsZoneDisabled(zone));
}
public bool IsSensorDisabled(string sensorId)
{
PrivilegeHelper.CheckUserPrivilegeForMethod(((Func <string, bool>)_zoneManagement.IsSensorDisabled).Method);
return(_zoneManagement.IsSensorDisabled(sensorId));
}
public void RemoveUser(User userToRemove)
{
PrivilegeHelper.CheckUserPrivilegeForMethod(((Action <User>)_userManagement.RemoveUser).Method);
_userManagement.RemoveUser(userToRemove);
}
private bool DoUninstall()
{
var flags = GetAuthorizationFlags();
bool isSuccess = true;
using (var auth = Authorization.Create(flags)) {
// disable firewall
var ret = IVPN.Shell.ShellCommand.RunCommand("/Applications/IVPN.app/Contents/MacOS/cli/ivpn", "firewall -off");
if (ret.IsAborted || ret.ExitCode != 0)
{
Logging.Info("Failed to disable firewall." + ((string.IsNullOrEmpty(ret.ErrorOutput)) ? "" : ret.ErrorOutput));
}
// disconnect (if connected)
ret = IVPN.Shell.ShellCommand.RunCommand("/Applications/IVPN.app/Contents/MacOS/cli/ivpn", "disconnect");
if (ret.IsAborted || ret.ExitCode != 0)
{
Logging.Info("Failed to disconnect." + ((string.IsNullOrEmpty(ret.ErrorOutput)) ? "" : ret.ErrorOutput));
}
// logout
ret = IVPN.Shell.ShellCommand.RunCommand("/Applications/IVPN.app/Contents/MacOS/cli/ivpn", "logout");
if (ret.IsAborted || ret.ExitCode != 0)
{
Logging.Info("Failed to logout." + ((string.IsNullOrEmpty(ret.ErrorOutput)) ? "" : ret.ErrorOutput));
}
if (PrivilegeHelper.IsHelperInstalled())
{
// Hack to force "authentication required" window to pop-up;
auth.ExecuteWithPrivileges("/bin/echo", flags, new string[] { });
if (!PrivilegeHelper.Uninstall(auth))
{
return(false);
}
}
const string IVPNAppBundleID = "net.ivpn.client.IVPN";
// Erasing app NSUserDefaults data
ret = IVPN.Shell.ShellCommand.RunCommand("defaults", $"delete {IVPNAppBundleID}");
if (ret.IsAborted || ret.ExitCode != 0)
{
Logging.Info("Failed to delete application user defaults." + ((string.IsNullOrEmpty(ret.ErrorOutput)) ? "" : ret.ErrorOutput));
isSuccess = false;
}
// Erasing KeyChain
int i = 0;
while (IVPN.Shell.ShellCommand.RunCommand("security", $"delete-generic-password -s {IVPNAppBundleID}").ExitCode == 0)
{
if (i++ > 1000) // ensure that we will not have infinite loop
{
break;
}
}
string[] filesToRemove = new string[] {
"/Library/Logs/IVPN Agent.log",
"/Library/Logs/IVPN Agent.log.0",
"/Library/Logs/IVPN Agent CrashInfo.log",
"/Library/Logs/IVPN Agent CrashInfo.log.0",
"/Library/Application Support/net.ivpn.client.Agent/last-btime", // seems, the file created by OS
System.IO.Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.Personal),
"Library/Preferences/net.ivpn.client.IVPN.plist")
};
string[] foldersToRemove = new string[] {
"/Applications/IVPN.app",
"/Library/Application Support/IVPN/OpenVPN",
System.IO.Path.Combine(System.Environment.GetFolderPath(System.Environment.SpecialFolder.UserProfile), "Library/Application Support/IVPN"),
"/Library/Application Support/IVPN",
"~/Library/Application Support/IVPN",
"/Library/Application Support/net.ivpn.client.Agent/LocalMachine", // seems, the folder created by OS
"/Library/Application Support/net.ivpn.client.Agent" // seems, the folder created by OS
};
foreach (var file in filesToRemove)
{
if (!MacHelpers.RemoveFile(auth, file))
{
Logging.Info(String.Format("Cannot remove: {0}", file));
isSuccess = false;
}
}
foreach (var folder in foldersToRemove)
{
if (!MacHelpers.RemoveDirectory(auth, folder))
{
Logging.Info(String.Format("Cannot remove: {0}", folder));
isSuccess = false;
}
}
}
return(isSuccess);
}
public bool IsSensorDisabled(SensorInfo sensor)
{
PrivilegeHelper.CheckUserPrivilegeForMethod(((Func <SensorInfo, bool>)_zoneManagement.IsSensorDisabled).Method);
return(_zoneManagement.IsSensorDisabled(sensor));
}
